$OpenBSD: patch-lib_cgraph_scan_l,v 1.2 2015/08/21 16:06:06 jasper Exp $

Security fix for CVE-2014-9157, graphviz: format string vulnerability in yyerror()
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081.patch

--- lib/cgraph/scan.l.orig2	Fri Aug 21 10:25:19 2015
+++ lib/cgraph/scan.l	Fri Aug 21 10:25:42 2015
@@ -223,7 +223,7 @@ void yyerror(char *str)
 	agxbput (&xb, buf);
 	agxbput (&xb, yytext);
 	agxbput (&xb,"'\n");
-	agerr(AGWARN,agxbuse(&xb));
+	agerr(AGWARN, "%s", agxbuse(&xb));
 	agxbfree(&xb);
 }
 /* must be here to see flex's macro defns */
